Q. How can I restrict access to my SQL Server so that it only allows certain machines to connect?
(v1.0 19.10.1998)
怎樣才能限制我的SQL Server只能讓指定的機器連接
A. SQL Server has no built-in tools/facilities to do this. It also does not have the facility to run a stored-procedure on connection that could be written/used to do this. Therefore you have the following choices :-
SQL Server沒有這樣的功能,也沒有提供在連接時執行某一特定過程的功能。這裡介紹幾種實現的方法
1. Put the SQL Server behind a firewall and use that to restrict access. This is the most secure and functional way to do what you want.
使用防火牆,它提供了安全和你想用的工具。
2. Write your own ODS Gateway and point the clients at that instead of the SQL Server - the ODS Gateway will then do the checking. However, there is nothing stopping clients figuring out the correct SQL client-config entries to point straight at the SQL Server. There are examples of ODS code in the SQL Programmers Toolkit - available for free download from the MS website.
寫自己的ODS網關代替SQL Server的客戶端 - 在ODS網關中檢查。不過,這並不能停止正常的客戶端連接SQL Server。在SQL Programmers Toolkit中有一個這樣的例, 可以從微軟站點免費下載。
3. Write a constantly running/scheduled stored-procedure that checks the relevant column in sysprocesses (net_address), and then issues a KILL command for any processes that should not be running. Note that this only works for MAC addresses. This way allows people to connect and possibly make changes before they are spotted and killed.
寫一個存儲過程檢查sysprocesses中的相應列(net_address)